According to the latest Forrester report on the Internet of Things (IoT), the amount of IoT devices installed on business networks is outpacing the number of computers on these same networks. Today, handheld devices, phones, webcams, smartwatches, networked security cameras and even smart refrigerators make 60% of an organization’s network map. 84% of IT security leaders believe IoT devices are much less secure than computers. (Armis) They are not wrong and this means that networks today are composed primarily of devices that have increased vulnerabilities and put businesses at greater cyber risk.
In her article, “Protecting IoT devices from unpatched code,” Susan Miller shares research results from Carnegie Mellon University’s CyLab Security and Privacy Institute. The results show that most IoT device firmware update libraries are not updated regularly by developers and therefore leave these devices “outdated and often vulnerable.” Even if you believe that you have applied the latest patch or update to an IoT device, you may still have a vulnerability exposing you to risk as that latest patch may be outdated. As researchers work on solutions to the security issues inherent in IoT devices, it remains critical for businesses and organizations to approach the inclusion of these devices on networks with consideration to cybersecurity risk.
As you consider adding IoT devices to your network, ask the following questions:
- What is the functionality or benefit to my organization in using this device?
- What is the level of risk associated with using this device? Does it increase my exposure to threats?
- Is the functionality or benefit worth the increased risk?
- Does the device manufacturer regularly share patches and updates?
These questions will help you identify vulnerabilities associated with the addition of IoT devices to your network. There are resources available to help with cybersecurity for IoT. The National Institute of Standards and Technology (NIST) provides guidance on cybersecurity for IoT devices. Explore their Cybersecurity for IoT Program for additional resources on IoT and cybersecurity.
NC State Industry Expansion solutions provides free Cybersecurity Awareness and Education online courses to help you keep your mobile devices secure.
Armis. State Of Enterprise IoT Security In North America: Unmanaged And Unsecured. https://www.armis.com/analyst-reports/state-of-enterprise-iot-security-in-north-america-unmanaged-and-unsecured
Miller, Susan. Protecting IoT devices from unpatched code. September 03, 2021. https://gcn.com/articles/2021/09/03/centralized-iot-software-updates.aspx
Katherine Bennett leads the Instructional Design team for NCMEP partner NC State Industry Expansion Solutions. She also serves as project manager for instructional design services. Katherine plays a key leadership role in supporting the IES goal of providing instructional design and development expertise that complements the field-specific expertise of IES partners, while meeting the learning needs of target audiences. Katherine holds a bachelor’s degree in Computer Science from the University of North Carolina at Charlotte and a master’s degree in Instructional Technology from East Carolina University.